echelon | 950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18 | Triage

Submit
Reports

Overview

overview

Static

static

950a2d9a7a...18.exe

windows7-x64

8

950a2d9a7a...18.exe

windows10-2004-x64

Sharing

General

Target

950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18
Size

35.9MB
Sample

220720-gx7mmaceg9
MD5

1aa9acffe0e10bbb240e0dfa07936d38
SHA1

f0624cc7588dd3d8cb0a5f618afa518097aabb69
SHA256

950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18
SHA512

cd89eb5ab041a81f77f015b13485010b105704fc04125177c7045c950a4c40759a1f5359ec2e1f590bb8ee493e7b7f04e84f362c232953de6bbb32a386841b55

Score

10^/10

echelon spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18.exe

Resource

win7-20220718-en

spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18.exe

Resource

win10v2004-20220718-en

echelon spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18
- Size
  
  35.9MB
- MD5
  
  1aa9acffe0e10bbb240e0dfa07936d38
- SHA1
  
  f0624cc7588dd3d8cb0a5f618afa518097aabb69
- SHA256
  
  950a2d9a7a0f39f9ab008c76c96e9fc8a93a0eefa5031d0aa01453657df07c18
- SHA512
  
  cd89eb5ab041a81f77f015b13485010b105704fc04125177c7045c950a4c40759a1f5359ec2e1f590bb8ee493e7b7f04e84f362c232953de6bbb32a386841b55
Score

10^/10

spyware stealer echelon
- Echelon
  Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.
  stealer spyware echelon
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

echelonspywarestealer

© 2018-2024

Terms | Privacy